The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and Pivotal Elastic Runtime 1.6.x versions before 1.6.20 are vulnerable to an XSS attack in which malicious JavaScript content is specified in either the OAuth scopes (SCIM groups) or SCIM group descriptions.

Vulnerable Product |
---|
pivotal software cloud foundry elastic runtime 1.6.3 |
pivotal software cloud foundry elastic runtime 1.6.4 |
pivotal software cloud foundry elastic runtime 1.6.5 |
pivotal software cloud foundry elastic runtime 1.6.6 |
pivotal software cloud foundry elastic runtime 1.6.19 |
pivotal software cloud foundry uaa 3.0.0 |
pivotal software cloud foundry uaa 3.0.1 |
pivotal software cloud foundry uaa 3.1.0 |
pivotal software cloud foundry 219 |
pivotal software cloud foundry 220 |
pivotal software cloud foundry 221 |
pivotal software cloud foundry 222 |
pivotal software login-server - |
cloudfoundry cloud foundry uaa bosh 6 |
pivotal software cloud foundry elastic runtime 1.6.0 |
pivotal software cloud foundry elastic runtime 1.6.2 |
pivotal software cloud foundry elastic runtime 1.6.7 |
pivotal software cloud foundry elastic runtime 1.6.9 |
pivotal software cloud foundry elastic runtime 1.6.16 |
pivotal software cloud foundry elastic runtime 1.6.18 |
pivotal software cloud foundry uaa 3.2.0 |
pivotal software cloud foundry 208 |
pivotal software cloud foundry 210 |
pivotal software cloud foundry 215 |
pivotal software cloud foundry 217 |
pivotal software cloud foundry 224 |
pivotal software cloud foundry 226 |
cloudfoundry cloud foundry uaa bosh 2 |
cloudfoundry cloud foundry uaa bosh 3 |
cloudfoundry cloud foundry uaa bosh 4 |
cloudfoundry cloud foundry uaa bosh 5 |
pivotal software cloud foundry elastic runtime 1.6.11 |
pivotal software cloud foundry elastic runtime 1.6.12 |
pivotal software cloud foundry elastic runtime 1.6.13 |
pivotal software cloud foundry elastic runtime 1.6.14 |
pivotal software cloud foundry 211 |
pivotal software cloud foundry 212 |
pivotal software cloud foundry 213 |
pivotal software cloud foundry 214 |
pivotal software cloud foundry 227 |
pivotal software cloud foundry 228 |
pivotal software cloud foundry 229 |
pivotal software cloud foundry 230 |
pivotal software cloud foundry 231 |
cloudfoundry cloud foundry uaa bosh 7 |
pivotal software cloud foundry elastic runtime 1.6.1 |
pivotal software cloud foundry elastic runtime 1.6.8 |
pivotal software cloud foundry elastic runtime 1.6.10 |
pivotal software cloud foundry elastic runtime 1.6.15 |
pivotal software cloud foundry elastic runtime 1.6.17 |
pivotal software cloud foundry uaa |
pivotal software cloud foundry 209 |
pivotal software cloud foundry 216 |
pivotal software cloud foundry 218 |
pivotal software cloud foundry 223 |
pivotal software cloud foundry 225 |
pivotal software cloud foundry 241 |